mirror of
https://we.phorge.it/source/phorge.git
synced 2024-09-20 09:18:48 +02:00
Fix an issue with embedding slowvotes
Summary:
In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this:
- We try to render a `phabricator_form()`.
- This requires a CSRF token.
- We look for a CSRF token on the user.
- It's an omnipotent user with no token, so everything fails.
To resolve this, make sure we always pass the real user in.
Test Plan:
- Lots of `grep`.
- Made a Differential comment with `{V2}`.
- Made a Diffusion comment with `{V2}`.
- Made a Maniphest comment with `{V2}`.
- Replied to a Conpherence thread with `{V2}`.
- Created a Conpherence thread with `{V2}`.
- Used Conduit to update a Conpherence thread with `{V2}`.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley, lkassianik
Differential Revision: https://secure.phabricator.com/D8849
This commit is contained in:
epriestley
parent
19debcee8a
commit
3b5883d8c1
8 changed files with 26 additions and 11 deletions
|
|
@ -76,6 +76,7 @@ final class PhabricatorAuditCommentEditor extends PhabricatorEditor {
|
||||||
|
|
||||||
// Find any "@mentions" in the content blocks.
|
// Find any "@mentions" in the content blocks.
|
||||||
$mention_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
$mention_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||||
|
$this->getActor(),
|
||||||
$content_blocks);
|
$content_blocks);
|
||||||
if ($mention_ccs) {
|
if ($mention_ccs) {
|
||||||
$metacc = idx(
|
$metacc = idx(
|
||||||
|
|
|
||||||
|
|
@ -90,7 +90,10 @@ final class ConduitAPI_conpherence_updatethread_Method
|
||||||
if ($message) {
|
if ($message) {
|
||||||
$xactions = array_merge(
|
$xactions = array_merge(
|
||||||
$xactions,
|
$xactions,
|
||||||
$editor->generateTransactionsFromText($conpherence, $message));
|
$editor->generateTransactionsFromText(
|
||||||
|
$user,
|
||||||
|
$conpherence,
|
||||||
|
$message));
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
||||||
|
|
@ -55,6 +55,7 @@ final class ConpherenceUpdateController
|
||||||
case ConpherenceUpdateActions::MESSAGE:
|
case ConpherenceUpdateActions::MESSAGE:
|
||||||
$message = $request->getStr('text');
|
$message = $request->getStr('text');
|
||||||
$xactions = $editor->generateTransactionsFromText(
|
$xactions = $editor->generateTransactionsFromText(
|
||||||
|
$user,
|
||||||
$conpherence,
|
$conpherence,
|
||||||
$message);
|
$message);
|
||||||
$delete_draft = true;
|
$delete_draft = true;
|
||||||
|
|
|
||||||
|
|
@ -34,9 +34,9 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
|
||||||
$errors[] = self::ERROR_EMPTY_MESSAGE;
|
$errors[] = self::ERROR_EMPTY_MESSAGE;
|
||||||
}
|
}
|
||||||
|
|
||||||
$file_phids =
|
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||||
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
$creator,
|
||||||
array($message));
|
array($message));
|
||||||
if ($file_phids) {
|
if ($file_phids) {
|
||||||
$files = id(new PhabricatorFileQuery())
|
$files = id(new PhabricatorFileQuery())
|
||||||
->setViewer($creator)
|
->setViewer($creator)
|
||||||
|
|
@ -78,13 +78,14 @@ final class ConpherenceEditor extends PhabricatorApplicationTransactionEditor {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function generateTransactionsFromText(
|
public function generateTransactionsFromText(
|
||||||
|
PhabricatorUser $viewer,
|
||||||
ConpherenceThread $conpherence,
|
ConpherenceThread $conpherence,
|
||||||
$text) {
|
$text) {
|
||||||
|
|
||||||
$files = array();
|
$files = array();
|
||||||
$file_phids =
|
$file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||||
PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
$viewer,
|
||||||
array($text));
|
array($text));
|
||||||
// Since these are extracted from text, we might be re-including the
|
// Since these are extracted from text, we might be re-including the
|
||||||
// same file -- e.g. a mock under discussion. Filter files we
|
// same file -- e.g. a mock under discussion. Filter files we
|
||||||
// already have.
|
// already have.
|
||||||
|
|
|
||||||
|
|
@ -82,6 +82,7 @@ final class ConpherenceReplyHandler extends PhabricatorMailReplyHandler {
|
||||||
$xactions = array_merge(
|
$xactions = array_merge(
|
||||||
$xactions,
|
$xactions,
|
||||||
$editor->generateTransactionsFromText(
|
$editor->generateTransactionsFromText(
|
||||||
|
$user,
|
||||||
$conpherence,
|
$conpherence,
|
||||||
$body));
|
$body));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,7 @@ final class ManiphestTransactionSaveController extends ManiphestController {
|
||||||
// list of all the CCs and then construct a transaction for them at the
|
// list of all the CCs and then construct a transaction for them at the
|
||||||
// end if necessary.
|
// end if necessary.
|
||||||
$added_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
$added_ccs = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||||
|
$user,
|
||||||
array(
|
array(
|
||||||
$request->getStr('comments'),
|
$request->getStr('comments'),
|
||||||
));
|
));
|
||||||
|
|
|
||||||
|
|
@ -973,7 +973,9 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
}
|
}
|
||||||
|
|
||||||
$texts = array_mergev($blocks);
|
$texts = array_mergev($blocks);
|
||||||
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions($texts);
|
$phids = PhabricatorMarkupEngine::extractPHIDsFromMentions(
|
||||||
|
$this->getActor(),
|
||||||
|
$texts);
|
||||||
|
|
||||||
$this->mentionedPHIDs = $phids;
|
$this->mentionedPHIDs = $phids;
|
||||||
|
|
||||||
|
|
@ -2173,6 +2175,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
||||||
$phids = array();
|
$phids = array();
|
||||||
if ($blocks) {
|
if ($blocks) {
|
||||||
$phids[] = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
$phids[] = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles(
|
||||||
|
$this->getActor(),
|
||||||
$blocks);
|
$blocks);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -494,11 +494,14 @@ final class PhabricatorMarkupEngine {
|
||||||
return $engine;
|
return $engine;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function extractPHIDsFromMentions(array $content_blocks) {
|
public static function extractPHIDsFromMentions(
|
||||||
|
PhabricatorUser $viewer,
|
||||||
|
array $content_blocks) {
|
||||||
|
|
||||||
$mentions = array();
|
$mentions = array();
|
||||||
|
|
||||||
$engine = self::newDifferentialMarkupEngine();
|
$engine = self::newDifferentialMarkupEngine();
|
||||||
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
|
$engine->setConfig('viewer', $viewer);
|
||||||
|
|
||||||
foreach ($content_blocks as $content_block) {
|
foreach ($content_blocks as $content_block) {
|
||||||
$engine->markupText($content_block);
|
$engine->markupText($content_block);
|
||||||
|
|
@ -512,11 +515,12 @@ final class PhabricatorMarkupEngine {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function extractFilePHIDsFromEmbeddedFiles(
|
public static function extractFilePHIDsFromEmbeddedFiles(
|
||||||
|
PhabricatorUser $viewer,
|
||||||
array $content_blocks) {
|
array $content_blocks) {
|
||||||
$files = array();
|
$files = array();
|
||||||
|
|
||||||
$engine = self::newDifferentialMarkupEngine();
|
$engine = self::newDifferentialMarkupEngine();
|
||||||
$engine->setConfig('viewer', PhabricatorUser::getOmnipotentUser());
|
$engine->setConfig('viewer', $viewer);
|
||||||
|
|
||||||
foreach ($content_blocks as $content_block) {
|
foreach ($content_blocks as $content_block) {
|
||||||
$engine->markupText($content_block);
|
$engine->markupText($content_block);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue